fyi: Storm Worm botnet numbers, via Microsoft

2007-10-02 Thread Jeff . Hodges
food for consideration. yes, #s are from MSFT as he notes, but are the only ones we have presently wrt actual Storm extent, yes? If not, pls post pointers... =JeffH -- Storm Worm botnet numbers, via Microsoft http://blogs.zdnet.com/security/?p=533 Posted by Ryan Naraine @ 7:40 am

Re: Enigma for sale on eBay

2007-07-21 Thread Jeff . Hodges
[EMAIL PROTECTED] said: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=270146164488 ebay now says (as of when this messge is sent): This Listing Is Unavailable This listing (270146164488) has been removed or is no longer available. Please make sure you entered the right

fyi: UK National Information Assurance Strategy Launched

2007-07-03 Thread Jeff . Hodges
From: Peter Tomlinson [EMAIL PROTECTED] Subject: National IA Strategy To: [EMAIL PROTECTED] Date: Mon, 02 Jul 2007 16:00:16 +0100 From http://www.cabinetoffice.gov.uk/csia/ : News National Information Assurance Strategy launched

Re: Free Rootkit with Every New Intel Machine (aka TPM, AMT)

2007-06-27 Thread Jeff . Hodges
i'd also scrawled: my understanding from a person active in the NEA working group [1] (IETF) is that TPMs these days come along for free because they're included on-die in at least one of said chips. [EMAIL PROTECTED] said: Check again. A few months ago I was chatting with someone who

fyi: SHA-2 patent status

2007-06-25 Thread Jeff . Hodges
of possible interest... Original Message Subject: [saag] SHA-2 patent status Date: Mon, 25 Jun 2007 09:55:46 -0700 From: Paul Hoffman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Of possible interest (but hopefully no concern) to this list: a new IPR statement from the NSA to the

Re: Free Rootkit with Every New Intel Machine

2007-06-22 Thread Jeff . Hodges
[EMAIL PROTECTED] said: With TPMs it's a bit different, they're absent from the hardware by default in case you're referring to the TCPA (trusted computing platform alliance) TPM.. my understanding from a person active in the NEA working group (IETF) is that TPMs these days come along for

fyi: Ross Anderson on UK ATM fraud

2007-06-21 Thread Jeff . Hodges
see also: Reliability of security systems http://www.cl.cam.ac.uk/~rja14/#Reliability =JeffH From: Ross Anderson [EMAIL PROTECTED] Subject: Newsnight tonight To: [EMAIL PROTECTED] Date: Wed, 20 Jun 2007 19:19:24 +0100 We helped make a piece on ATM fraud a few weeks ago for

wrt Network Endpoint Assessment (was: Re: Free Rootkit with Every New Intel Machine)

2007-06-21 Thread Jeff . Hodges
of potential related interest is.. Network Endpoint Assessment (NEA): Overview and Requirements http://www.ietf.org/internet-drafts/draft-ietf-nea-requirements-02.txt note term remediate/remediation. relevant snippage below. see also..

fyi: A5 Cracking Project

2007-05-07 Thread Jeff . Hodges
From: steve [EMAIL PROTECTED] Subject: A5 Cracking Project To: [EMAIL PROTECTED] Date: Sun, 6 May 2007 16:54:58 + Hi, we are inviting people to design and build a A5/1 cracking machine. We are security enthusiasts. We started in January 2007 and built a GSM Receiver for 700 USD

Re: Public key encrypt-then-sign or sign-then-encrypt?

2007-04-27 Thread Jeff . Hodges
There's also this paper.. Donald T. Davis, Defective Sign Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML., Proc. Usenix Tech. Conf. 2001 (Boston, Mass., June 25-30, 2001), pp. 65-78 http://world.std.com/~dtd/#sign_encrypt ..which addresses some of the questions, in a certain context,

Re: Skype reverse-engineering details]

2006-12-21 Thread Jeff . Hodges
Yes, that's a very interesting slide deck. An alternative URL to the talk is in this blog posting.. Skype.exe innards revealed... http://identitymeme.org/archives/2006/04/06/skypeexe-innards-revealed/ =JeffH - The

fyi: On-card displays

2006-09-20 Thread Jeff . Hodges
From: Ian Brown [EMAIL PROTECTED] Subject: On-card displays To: [EMAIL PROTECTED] Date: Wed, 20 Sep 2006 07:29:13 +0100 Via Bruce Schneier's blog, flexible displays that can sit on smartcards. So we finally have an output mechanism that means you don't have to trust smartcard terminal displays:

fyi: Ross' Book now online

2006-08-30 Thread Jeff . Hodges
From: Ross Anderson [EMAIL PROTECTED] Subject: Ross' Book now online To: [EMAIL PROTECTED] Date: Fri, 25 Aug 2006 18:17:30 +0100 I finally managed to persuade Wiley to let me put Security Engineering online for free download: http://www.cl.cam.ac.uk/~rja14/book.html Some of the chapters in

Re: mailer certificate retrieval via LDAP?

2006-06-09 Thread Jeff . Hodges
You should consider also posting your query to ldap@umich.edu JeffH - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

fyi: Deniable File System - Rubberhose

2006-04-19 Thread Jeff . Hodges
From: Owen Blacker [EMAIL PROTECTED] Subject: Deniable File System To: UK Crypto list [EMAIL PROTECTED] Date: Wed, 19 Apr 2006 11:43:18 +0100 (BST) Reply-To: [EMAIL PROTECTED] http://www.schneier.com/blog/archives/2006/04/deniable_file_s.html Some years ago I did some design work on something I

fyi: talk: Reflective side-channel cryptanalysis

2005-07-11 Thread Jeff . Hodges
From: Eu-Jin Goh [EMAIL PROTECTED] Subject: FRI 15 JULY 1630 HRS : Reflective side-channel cryptanalysis To: [EMAIL PROTECTED] Date: Mon, 11 Jul 2005 08:46:19 -0700 - --- When - FRI 15th July 1630 hrs at Gates 4-B

Re: fyi: Fingerprinting CPUs

2005-02-16 Thread Jeff . Hodges
[EMAIL PROTECTED] said: This subject came up before. http://citeseer.ist.psu.edu/shankar04side.html ah, yes, in various forms. The refs in that paper lead to this, fwiw.. http://dynamo.ecn.purdue.edu/~kennell/genuinity/publications.html JeffH